# SIM CARD HACK FOR ATT UPDATE #

It took a long time - more than 20 years, to be exact - but the humble SIM card that sits within your phone, and seven billion others, has finally been hacked. Of the seven billion modern SIM cards in circulation, hundreds of millions are estimated to be susceptible. The hacks allow a would-be attacker to infect your SIM with a virus that sends premium text messages, or records your phone calls - and, in some cases, access the secure, sandboxed details stored on your SIM by mobile payment apps, giving a hacker access to your bank and credit card details. Now that a proof of concept has been demonstrated, we wouldn't be surprised if the billions of other SIMs in circulation are also vulnerable to other attack vectors.

For the longest time, I thought that SIM cards were merely a piece of laminated memory that stored the data that your phone needs to connect to a cellular network (ICCID, Ki, etc.), along with enough space to store a few phone numbers. In actuality, the SIM card in your phone is a small computer, with memory, a processor, and even an operating system. As you can see in the diagram below, there is a chip beneath those gold contacts, and on that chip there is a processor, ROM (firmware that stores the OS and SIM apps), EEPROM (which stores your phone book, settings, patches), and RAM (for use by the SIM's OS and apps). In the photo below of a disassembled SIM card, you can clearly see that this is quite a complex computer chip.

And, unfortunately, like any computer chip that runs an operating system and apps, a SIM card can be hacked. In this case, modern SIM cards run a very simple OS that loads up Java Card - a version of the Java virtual machine for smart cards (of which SIMs are a variety). Java Card essentially runs small Java applets, and each applet is encapsulated and firewalled (sandboxed) by the Java VM, preventing sensitive data from leaking to other apps. Your phone interacts with these apps via the SIM Application Toolkit (STK) to display information on your screen, and to interact with the outside world. To load apps onto the SIM or to update them, hidden text messages are sent by the carrier, containing over-the-air (OTA) programming in binary form. These messages are signed with a cryptographic key, so that the SIM knows that they have originated from a trusted source.

Now, German security researcher Karsten Nohl has discovered a way of finding out that all-important cryptographic key. By sending his own OTA SMSes that aren't signed with the correct key, he discovered that some phones pop up an error message that contains a cryptographic signature. Then, using rainbow tables (a list of plaintext keys/passwords and their encrypted equivalent), Nohl found he could discover the SIM card's cryptographic key in about one minute.
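The weakness described above is a response-policy problem: a card that answers an unauthenticated OTA message with an error that is itself signed hands the sender a known (message, signature) pair under the card's key, which is exactly what a precomputed table lookup needs. The following added example (not Nohl's code or any carrier's) models the two policies side by side; it assumes an HMAC-SHA256 tag as a stand-in for the card's real cryptographic checksum so that it runs with the standard library only.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Assumption: a truncated HMAC-SHA256 stands in for the SIM's real OTA
# checksum so the example runs offline; the policy logic is what matters.
def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

@dataclass
class OtaResponse:
    status: str   # "ok", "error" or "dropped"
    body: bytes   # what the handset would send back over SMS

def handle_ota_leaky(key: bytes, message: bytes, tag: bytes) -> OtaResponse:
    """Leaky policy: a bad tag triggers an error response that is signed
    with the card key, so an unauthenticated sender obtains a
    (plaintext, signature) pair computed under that key."""
    if hmac.compare_digest(mac(key, message), tag):
        return OtaResponse("ok", b"")
    err = b"\x01" + message[:8]          # error code plus echoed header
    return OtaResponse("error", err + mac(key, err))

def handle_ota_hardened(key: bytes, message: bytes, tag: bytes) -> OtaResponse:
    """Hardened policy: input that fails authentication is discarded
    without emitting any key-derived material."""
    if hmac.compare_digest(mac(key, message), tag):
        return OtaResponse("ok", b"")
    return OtaResponse("dropped", b"")

def leaks_key_material(resp: OtaResponse) -> bool:
    """Detection check: any non-empty reply to a failed-auth message
    is a signed oracle output and should be flagged in review."""
    return resp.status != "ok" and len(resp.body) > 0

if __name__ == "__main__":
    key = b"constructed-test-key-16b"          # constructed sample key
    forged = b"\xd0\x00" + b"forged OTA payload"  # constructed message
    r = handle_ota_leaky(key, forged, bytes(8))
    print("leaky policy leaks key material:", leaks_key_material(r))
    h = handle_ota_hardened(key, forged, bytes(8))
    print("hardened policy leaks key material:", leaks_key_material(h))
```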